
Using Nginx module to fight against DDoS attacks

Many people have faced DDoS attacks and HTTP flooding. No, this is not yet another tutorial on setting up nginx: I would like to introduce my module, which works as a quick filter between the bots and the backend during L7 DDoS attacks and also allows filtering out garbage requests.

The module can:

• Set cookies in the standard way through the HTTP Set-Cookie header. After the cookies are set, it redirects the user using response code 301 and the Location header.
• After the cookies are set, redirect the user using response code 200 and an HTML Meta refresh tag.
• Count the number of attempts to set the cookies and direct the user to a specified URL once the maximum number of unsuccessful attempts is exceeded.
• Use custom templates for the filter response, for example, to set cookies through JavaScript.
• To hinder automated parsing of responses that rely on executing JavaScript, encrypt the values of the variables in the template with a symmetric encryption algorithm, so that they are decrypted by JavaScript on the client side (using SlowAES).
• Whitelist networks (e.g., the networks that search engine robots operate from).
• Do some other useful things during DoS attacks.

The module cannot:

• Block anybody. This module only returns the specified answers to the client, and you must make your own decision about blocking the client (for example, using fail2ban).
• Some people may say that JavaScript can be simulated, but let's be realistic about how often you actually get a DoS attack from bots with full emulation.
• There is nothing in the documentation about captcha and Flash, but if you want them, you can build them yourself; you just need to use your imagination in the configuration.
• This module is not a panacea; it is only a small component in a complex of protective measures, a tool that can help you if it is used properly.

How does it work?

Most often, the bots that implement an HTTP flood are dumb: they have no mechanisms for HTTP cookies and redirects. Sometimes there are more advanced bots that can use cookies and redirects, but a DoS bot almost never has a JavaScript engine.
To understand how this filter works, the client-server communication flow is given below for each attack scenario.
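As an added illustration (not the module's own code), the filter logic described above modelled in Python: a cookie-aware client passes after one redirect, a cookie-blind flood bot never reaches the backend and is sent to a fallback URL after the attempt limit, and a whitelisted network is never challenged. The cookie name TCK, the HMAC-of-client-IP cookie scheme, the whitelist range and the 302 status for the fallback redirect are assumptions made for this example.

```python
import hmac, hashlib, ipaddress
from collections import defaultdict

SECRET = b"constructed-demo-secret"                    # hypothetical key for this example
WHITELIST = [ipaddress.ip_network("66.249.64.0/19")]  # hypothetical crawler range
MAX_ATTEMPTS = 3                                       # challenges before the fallback URL
FALLBACK_URL = "/blocked.html"

# Hypothetical cookie value: HMAC(secret, client IP), so a value set for one
# client is not valid when replayed from another address.
def expected_cookie(ip):
    return hmac.new(SECRET, ip.encode(), hashlib.sha256).hexdigest()[:32]

attempts = defaultdict(int)  # per-IP counter, stand-in for the module's attempt count

def filter_request(ip, cookies, uri, mode="redirect"):
    """Return (status, headers, body) the filter answers with, or None to pass to backend."""
    if any(ipaddress.ip_address(ip) in net for net in WHITELIST):
        return None                                    # whitelisted network: never challenged
    if cookies.get("TCK") == expected_cookie(ip):
        return None                                    # valid test cookie: reaches the backend
    attempts[ip] += 1
    if attempts[ip] > MAX_ATTEMPTS:
        return 302, {"Location": FALLBACK_URL}, ""     # too many failed attempts (status assumed)
    set_cookie = f"TCK={expected_cookie(ip)}; Path=/"
    if mode == "redirect":                             # Set-Cookie + 301 Location
        return 301, {"Set-Cookie": set_cookie, "Location": uri}, ""
    html = f'<html><head><meta http-equiv="refresh" content="0; url={uri}"></head></html>'
    return 200, {"Set-Cookie": set_cookie, "Content-Type": "text/html"}, html  # 200 + Meta refresh

def simulate_browser(ip, uri):
    """Cookie-aware client: stores the cookie, follows the redirect, and gets through."""
    jar = {}
    resp = filter_request(ip, jar, uri)
    if resp is None:
        return "backend"
    name, value = resp[1]["Set-Cookie"].split(";")[0].split("=", 1)
    jar[name] = value
    return "backend" if filter_request(ip, jar, uri) is None else "challenged"

def simulate_dumb_bot(ip, uri, requests):
    """Flood bot that ignores Set-Cookie and Location: returns the status of each answer."""
    return [filter_request(ip, {}, uri)[0] for _ in range(requests)]
```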


The bots do not understand the redirects and the cookies (a typical case)

server {
    listen 80;
    server_name domain.com;